Upgrading ThreatLockDown agents on Linux systems

Select your package manager and follow the instructions to upgrade the ThreatLockDown agent locally. If you want to perform a remote upgrade, check the Remote agent upgrade section to learn more.

Note

You need root user privileges to run all the commands described below.

  1. Import the GPG key.

    # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
    
  2. Add the ThreatLockDown repository.

    # cat > /etc/yum.repos.d/wazuh.repo << EOF
    [wazuh]
    gpgcheck=1
    gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
    enabled=1
    name=EL-\$releasever - Wazuh
    baseurl=https://packages.wazuh.com/4.x/yum/
    protect=1
    EOF
    
  3. Clean the YUM cache.

    # yum clean all
    
  4. Upgrade the ThreatLockDown agent to the latest version.

    # yum upgrade wazuh-agent
    
  5. It is recommended to disable the ThreatLockDown repository in order to avoid undesired upgrades and compatibility issues as the ThreatLockDown agent should always be in the same or an older version than the ThreatLockDown manager.

    # sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
    

Note

When upgrading agents from versions earlier than 4.x, make sure that the communication protocol is compatible. Up to that point, UDP was the default protocol and it was switched to TCP for later versions. Edit the agent configuration file ossec.conf to update the protocol or make sure that your ThreatLockDown manager accepts both protocols.